Dean, Barry wrote: ...
[ldap] performing search in OU=UOL,DC=adserer,DC=liv,DC=ac,DC=uk, with filter (sAMAccountName=user) [ldap] looking for check items in directory... [ldap] looking for reply items in directory... WARNING: No "known good" password was found in LDAP. Are you sure that the user is configured correctly?
I mean, really... what's the issue? ...
[pap] WARNING! No "known good" password found for the user. Authentication may fail because of this.
That should be a hint. Paste the debugging output into the form at:
++[pap] returns noop No authenticate method (Auth-Type) configuration found for the request: Rejecting the user Failed to authenticate the user. Login incorrect: [user] (from client EZProxy port 0) } # server radius Using Post-Auth-Type Reject +- entering group REJECT {...} [attr_filter.access_reject] expand: %{User-Name} -> user attr_filter: Matched entry DEFAULT at line 11 ++[attr_filter.access_reject] returns updated Delaying reject of request 0 for 1 seconds Going to the next request Waking up in 0.9 seconds. rad_recv: Access-Request packet from host 192.168.0.10 port 63775, id=111, length=49 Waiting to send Access-Reject to client EZProxy port 63775 - ID: 111 Sending delayed reject for request 0 Sending Access-Reject of id 111 to 192.168.0.10 port 63775 Waking up in 4.9 seconds. Cleaning up request 0 ID 111 with timestamp +32
I presume:
if (!EAP-Message) { ldap }
Fails to set Auth-Type LDAP? Yes. It *shouldn't*, either. That was a mistake from 1.x.
I have seen the dire warnings about "Don't set Auth-Type = LDAP" so I have not ventured there as I am sure there are dragons.
---------------------- Barry Dean Principal Programmer/Analyst Networks Group Computing Services Department Tel: 0151 795 9540
------------------------------------------------------------------------
------------------------------------------------------------------------
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html